Cyberattack Disrupts Major U.S. Healthcare Network, Exposing Patient Data
A ransomware attack on Change Healthcare, a critical payment and claims processing platform owned by UnitedHealth Group (UHG), has caused widespread disruptions across the U.S. healthcare system. The incident, first detected on February 21, 2024, forced the company to take its systems offline, halting prescription processing, insurance claims, and billing operations for pharmacies, hospitals, and clinics nationwide.
The attack has been attributed to the BlackCat/ALPHV ransomware group, which claimed responsibility and allegedly exfiltrated 6 terabytes of sensitive data, including patient records, payment details, and personal information. While UHG has not confirmed whether a ransom was paid, reports suggest the group received a $22 million payment, one of the largest known ransomware payouts to date.
The fallout has been severe: pharmacies reported delays in filling prescriptions, healthcare providers faced cash flow shortages due to unprocessed claims, and some patients were forced to pay out-of-pocket for medications. The U.S. Department of Health and Human Services (HHS) and the Cybersecurity and Infrastructure Security Agency (CISA) are investigating the breach, which has raised concerns about the vulnerability of third-party healthcare vendors.
Change Healthcare has since restored some services, but full recovery remains ongoing. The incident underscores the growing threat of ransomware to critical infrastructure, particularly in sectors reliant on interconnected digital systems.
UnitedHealth Group cybersecurity rating report: https://www.rankiteo.com/company/unitedhealth-group
Change Healthcare cybersecurity rating report: https://www.rankiteo.com/company/change-healthcare
"id": "UNICHA1769160792",
"linkid": "unitedhealth-group, change-healthcare",
"type": "Ransomware",
"date": "2/2024",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'customers_affected': 'Pharmacies, hospitals, clinics '
                                              'nationwide',
                        'industry': 'Healthcare',
                        'location': 'United States',
                        'name': 'Change Healthcare',
                        'type': 'Healthcare payment and claims processing '
                                'platform'},
                       {'industry': 'Healthcare',
                        'location': 'United States',
                        'name': 'UnitedHealth Group (UHG)',
                        'type': 'Parent company'}],
 'data_breach': {'data_exfiltration': 'Yes',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': 'Patient records, payment '
                                             'details, personal information'},
 'date_detected': '2024-02-21',
 'description': 'A ransomware attack on Change Healthcare, a critical payment '
                'and claims processing platform owned by UnitedHealth Group '
                '(UHG), has caused widespread disruptions across the U.S. '
                'healthcare system. The incident forced the company to take '
                'its systems offline, halting prescription processing, '
                'insurance claims, and billing operations for pharmacies, '
                'hospitals, and clinics nationwide. The attack has been '
                'attributed to the BlackCat/ALPHV ransomware group, which '
                'allegedly exfiltrated 6 terabytes of sensitive data, '
                'including patient records, payment details, and personal '
                'information. The fallout has been severe, with pharmacies '
                'reporting delays in filling prescriptions, healthcare '
                'providers facing cash flow shortages, and some patients '
                'forced to pay out-of-pocket for medications.',
 'impact': {'data_compromised': '6 terabytes of sensitive data',
            'identity_theft_risk': 'High',
            'operational_impact': 'Halted prescription processing, insurance '
                                  'claims, and billing operations; cash flow '
                                  'shortages for healthcare providers; '
                                  'patients forced to pay out-of-pocket for '
                                  'medications',
            'payment_information_risk': 'High',
            'systems_affected': 'Payment and claims processing systems, '
                                'prescription processing, insurance claims, '
                                'billing operations'},
 'investigation_status': 'Ongoing',
 'motivation': 'Financial gain',
 'ransomware': {'data_exfiltration': 'Yes',
                'ransom_paid': '$22 million (alleged)',
                'ransomware_strain': 'BlackCat/ALPHV'},
 'regulatory_compliance': {'regulatory_notifications': 'U.S. Department of '
                                                       'Health and Human '
                                                       'Services (HHS), '
                                                       'Cybersecurity and '
                                                       'Infrastructure '
                                                       'Security Agency '
                                                       '(CISA)'},
 'response': {'containment_measures': 'Systems taken offline',
              'law_enforcement_notified': 'U.S. Department of Health and Human '
                                          'Services (HHS), Cybersecurity and '
                                          'Infrastructure Security Agency '
                                          '(CISA)',
              'recovery_measures': 'Some services restored, full recovery '
                                   'ongoing'},
 'threat_actor': 'BlackCat/ALPHV',
 'title': 'Cyberattack Disrupts Major U.S. Healthcare Network, Exposing '
          'Patient Data',
 'type': 'Ransomware'}